This might be used to check for the `eval(TrustedScript)` support. It can't be polyfilled, and requires some support from the JavaScript runtime, so it's possible there would exist environments in which `eval(TrustedScript)` is not available, whereas other TT restrictions are supported. The check then might be:

```js
if (eval(trustedTypes.emptyScript)) {
  // Traditionally, eval(nonString) returns its input, and Objects are truthy.
  eval("we_have_to_use_strings_here");
} else {
  // eval(TrustedScript) would execute if supported, returning a falsy value.
  eval(myTrustedScriptObj);
}
```

That would allow authors to set up `script-src 'unsafe-eval' 'trusted-script'; trusted-types a b c` which would lock down `eval()` as much as it is possible for a given environment.
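The probe described in the issue, wrapped as a reusable check and run against two stand-in runtimes; this is an added example, not code from the original issue or the Trusted Types project. The names `supportsEvalTrustedScript`, `evalViaPolicy`, `makeFakeEnv` and the injectable `env` parameter are hypothetical, and the fake runtime is constructed so the example runs outside a browser.

```javascript
// Added example. `env` is a hypothetical injection point (defaults to the real
// global) so the probe can be exercised against stand-in runtimes.
function supportsEvalTrustedScript(env = globalThis) {
  const tt = env.trustedTypes;
  if (!tt || !('emptyScript' in tt)) return false; // no Trusted Types to probe with
  try {
    // Legacy runtime: eval(nonString) hands back the object, which is truthy.
    // Supporting runtime: the empty script executes and yields a falsy value.
    return !env.eval(tt.emptyScript);
  } catch (e) {
    return false; // eval refused to run at all; treat as unsupported
  }
}

// Evaluate `source` via `policy`, passing the TrustedScript itself when the
// runtime can execute it and its string form otherwise. Either way the
// policy's createScript() stays the single place where input is vetted.
function evalViaPolicy(policy, source, env = globalThis) {
  const script = policy.createScript(source);
  return env.eval(supportsEvalTrustedScript(env) ? script : String(script));
}

// Constructed stand-in runtime, not a real Trusted Types implementation.
function makeFakeEnv(supportsTrustedScript) {
  class FakeTrustedScript {
    constructor(s) { this.s = s; }
    toString() { return this.s; }
  }
  const realEval = eval; // indirect eval, global scope
  const env = {
    seen: [], // typeof of every argument handed to eval
    trustedTypes: { emptyScript: new FakeTrustedScript('') },
    policy: { createScript: (s) => new FakeTrustedScript(s) },
    eval(x) {
      env.seen.push(typeof x);
      if (typeof x === 'string') return realEval(x);
      if (supportsTrustedScript && x instanceof FakeTrustedScript) return realEval(x.s);
      return x; // legacy behaviour: non-strings come back untouched
    },
  };
  return env;
}

for (const supported of [false, true]) {
  const env = makeFakeEnv(supported);
  console.log(supported, supportsEvalTrustedScript(env), evalViaPolicy(env.policy, '1 + 2', env));
}
```

In the string fallback the source still passes through the policy before it reaches `eval()`, so policy validation is not bypassed on runtimes that lack `eval(TrustedScript)`.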